Skip to content

[duplicate-code] Duplicate Code Detected: Safe-inputs MCP server bootstrap #5786

New issue
New issue
Closed
#5788
Closed
[duplicate-code] Duplicate Code Detected: Safe-inputs MCP server bootstrap#5786
#5788
Assignees
copilot-swe-agent
Labels
automated-analysiscode-quality
@github-actions

Description

@github-actions
github-actions
bot
opened on Dec 7, 2025

🔍 Duplicate Code Detected: Safe-inputs MCP server bootstrap

Analysis of commit 8d26b38

Assignee: @copilot

Summary

The safe-inputs server startup logic is duplicated between the stdio entrypoint and the HTTP entrypoint. Both modules load the config, resolve handler paths, register tools, and delete the config file with nearly identical code paths, increasing maintenance risk when adding validation or telemetry.

Duplication Details

Pattern: Repeated safe-inputs server creation/config loading

  • Severity: Medium
  • Occurrences: 2 implementations
  • Locations:
    • pkg/workflow/js/safe_inputs_mcp_server.cjs (lines 49-88)
    • pkg/workflow/js/safe_inputs_mcp_server_http.cjs (lines 37-129)
  • Code Sample: 
    // safe_inputs_mcp_server.cjs
const config = loadConfig(configPath);
const basePath = path.dirname(configPath);
const server = createServer({ name: serverName, version }, { logDir });
const tools = loadToolHandlers(server, config.tools, basePath);
tools.forEach(tool => registerTool(server, tool));
// delete config file

// safe_inputs_mcp_server_http.cjs
const config = loadConfig(configPath);
const basePath = path.dirname(configPath);
const server = new MCPServer({ name: serverName, version }, { capabilities: { tools: {} } });
const tools = loadToolHandlers(tempServer, config.tools, basePath);
tools.forEach(tool => server.tool(tool.name, tool.description, tool.inputSchema, handler));
// delete config file

Impact Analysis

  • Maintainability: Changes to config parsing, logging, or deletion must be applied twice, risking drift between transports.
  • Bug Risk: Validation differences (logDir handling, required fields) can cause HTTP and stdio modes to behave inconsistently.
  • Code Bloat: Extra bootstrap logic increases surface area for future fixes.

Refactoring Recommendations

  1. Extract shared safe-inputs server factory

    • Create a single helper (e.g., createSafeInputsServer(configPath, options)) returning the configured server and tools; both stdio and HTTP entrypoints should consume it.
    • Estimated effort: 3-4 hours.
    • Benefits: One code path for config handling, logging, and cleanup.

  2. Align transport selection

    • Parameterize transport (stdio vs HTTP) while reusing the shared registration/cleanup logic.
    • Estimated effort: 2 hours.
    • Benefits: Consistent behavior regardless of transport.

Implementation Checklist

  • Review duplication findings
  • Prioritize refactoring tasks
  • Create refactoring plan
  • Implement changes
  • Update tests
  • Verify no functionality broken

Analysis Metadata

  • Analyzed Files: 4
  • Detection Method: Serena semantic code analysis
  • Commit: 8d26b38
  • Analysis Date: 2025-12-07 21:05:05Z

AI generated by Duplicate Code Detector

Metadata

Metadata

Assignees

Labels

automated-analysiscode-quality

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions